The real problem

Why LGPD projects stall

Policies-only approach: 200-page PDF with no operational impact.

Outdated or non-existent data mapping — the foundation of the whole program.

Data subject rights (access, deletion, portability) solved manually by tickets.

Shadow data: personal data in SaaS, spreadsheets and repositories without control.

Incident response without defined flow for ANPD notification (72h).

No KPIs to show the executive board. Compliance feels like a cost center.

Delivery

The Evernow 120-day roadmap

Days 1–30: Discovery & Gap

Automated personal data discovery (Securiti / Purview), interviews with 6–10 areas, legal-basis matrix and gap vs. LGPD / ANPD.

Days 31–60: Foundations

ROPA (data inventory) live in a platform, DPIA on critical flows, privacy notice, contracts with operators, retention policy.

Days 61–90: Controls

Consent management, data-subject-request portal, DLP on critical flows, pseudonymization/encryption on sensitive datasets, cookie banner at ANPD standard.

Days 91–120: Evidence & Governance

Incident playbook with 72h ANPD flow, indicator dashboard, internal training, first privacy committee, ready evidence binder.

Ongoing: DPO as a Service

Certified DPO on retainer, monthly follow-ups, ANPD response, audit support, continuous improvement.

Executive KPIs

% mapped data assets, % flows with legal basis, MTTR for data-subject requests, open DPIAs, residual risk score.

What you receive

14 concrete deliverables (not slides)

  • Live RoPA (data inventory) in platform
  • DPIA on the top-10 critical flows
  • Privacy Notice (public)
  • Internal Data Protection Policy
  • Data Retention Policy per asset
  • Supplier/operator contracts (template + playbook)
  • International transfer matrix
  • Consent management + cookie banner (ANPD standard)
  • Data Subject Request portal (access, deletion, portability)
  • Incident playbook with 72h ANPD notification flow
  • Training (C-level + operational + developers)
  • Privacy governance committee charter
  • Executive KPI dashboard
  • Audit-ready evidence binder
Platforms

Platforms we deploy for LGPD

Securiti.ai

Discovery, DSR, consent and DSPM unified.

Microsoft Purview

Classification and DLP native in Microsoft 365 environments.

OpenText Voltage

Format-preserving encryption for sensitive datasets.

Related

Continue exploring

Data Shield

Data protection pillar: discovery, DSPM, encryption, DLP.

Consent & Privacy Ops

Turn-key consent and DSR operation.

DSPM

Continuous visibility over personal data posture.

Ready to kick off your LGPD program?

Free 30-minute diagnosis with a certified DPO. Walk out with priorities and a realistic roadmap.

Take the free assessment
Request diagnosis
Evernow

Specialized cybersecurity consulting: AppSec, data protection, compliance and security operations.

Solutions

Industries

Resources

Company

Contact

Copyright Evernow © 2026. All rights reserved.